2147 matches found
EUVD-2025-14469
Malicious code in bioql PyPI...
EUVD-2023-26214
Malicious code in bioql PyPI...
EUVD-2024-18680
Malicious code in bioql PyPI...
EUVD-2025-21152
Malicious code in bioql PyPI...
EUVD-2022-26518
Malicious code in bioql PyPI...
EUVD-2024-18902
Malicious code in bioql PyPI...
CVE-2023-28760
TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...
CVE-2023-28760
TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...
mysql: Optimizer unspecified vulnerability (CPU Jul 2025)
A denial of service flaw was found in MySQL. This flaw allows a privileged attacker with network access via multiple protocols to cause a crash in the MySQL server...
mysql: Optimizer unspecified vulnerability (CPU Jul 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...
CVE-2025-55322
Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network...
lerobot 安全漏洞
lerobot is a robot programming library open-sourced by Hugging Face. A security vulnerability exists in huggingface LeRobot 0.3.3 and earlier versions, which stems from a lack of authentication in the ZeroMQ Socket Handler component and could lead to an attack within the local network...
GHSA-MCVP-RPGG-9273 DragonFly's tiny file download uses hard coded HTTP protocol
Impact The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak...
CVE-2025-59347
CVE-2025-59347 affects Dragonfly before version 2.1.0, where the Manager disables TLS certificate verification in HTTP clients and cannot re-enable it; an attacker performing a network-level MITM can supply invalid data to the Manager, causing the preheater to operate on wrong data, leading to de...
mysql: InnoDB unspecified vulnerability (CPU Jul 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Components Services unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2025-47997
Concurrent execution using shared resource with improper synchronization 'race condition' in SQL Server allows an authorized attacker to disclose information over a network...
CVE-2025-54095
Out-of-bounds read in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to disclose information over a network...
CVE-2025-54113
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
CVE-2025-55232
Deserialization of untrusted data in Microsoft High Performance Compute Pack HPC allows an unauthorized attacker to execute code over a network...